BestHub
Sign in
Backend Development 17 min read

How to Reverse Engineer Laifeng Live Chat API and Send Automated Messages with Python

This guide walks through extracting and reproducing the encrypted parameters required to post chat messages on Laifeng live streams, covering site navigation, packet capture, timestamp generation, signature calculation via JavaScript decryption, and a complete Python script that logs in, builds the request, and sends the comment.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
How to Reverse Engineer Laifeng Live Chat API and Send Automated Messages with Python

This article presents a step‑by‑step tutorial for a web‑scraping project that automates sending chat messages on the Laifeng live‑streaming platform. It explains how to navigate to the target site, enter a live room, log in, and capture the network packet that carries a comment.

Analysis (x0)

After logging in, the captured request contains roomid (the live‑room identifier) and content (the message). The roomid can be read from the URL, while the t parameter is a timestamp generated by JavaScript new Date().getTime(). The sign parameter is a JavaScript‑generated signature that also depends on the timestamp.

Analysis (x1)

The timestamp t is simply the current Unix time in milliseconds. In Python it can be reproduced with:

import time
t = str(int(time.time() * 1000))

To compute sign, the original JavaScript code is examined. It uses a series of bitwise operations (functions h, i, j, k) similar to an MD5‑like algorithm. By loading the JavaScript file with execjs, the same function can be called from Python.

Analysis (x2)

Further debugging shows that the request also includes a constant appKey, a dictionary c whose data field contains the JSON payload, and a token value that is actually stored in the cookies. All these values are assembled into the final GET request URL that carries t and sign.

Code

import requests
import execjs
import time

ck = 'YOUR_COOKIE_STRING'
headers = {
    'authority': 'www.laifeng.com',
    'method': 'GET',
    'path': '/?',
    'scheme': 'https',
    'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7',
    'cache-control': 'no-cache',
    'cookie': ck,
    'pragma': 'no-cache',
    'sec-ch-ua-mobile': '?0',
    'sec-fetch-dest': 'document',
    'sec-fetch-mode': 'navigate',
    'sec-fetch-site': 'none',
    'sec-fetch-user': '?1',
    'upgrade-insecure-requests': '1',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3870.400 QQBrowser/10.8.4405.400'
}

# Step 1: Get homepage (optional)
url = 'https://www.laifeng.com/'
requests.get(url, headers=headers)

# Step 2: Access a specific live room
room_id = '711329'
url = f'https://v.laifeng.com/{room_id}'
requests.get(url, headers=headers)

# Step 3: Generate timestamp and signature
t = str(int(time.time() * 1000))
with open('js1.js', 'r', encoding='utf-8') as f:
    ctx = execjs.compile(f.read())
sign = ctx.call('test', '{"roomId":"711329","content":"Test message"}', t)

# Step 4: Send the comment
post_url = f'https://acs.laifeng.com/h5/mtop.youku.live.platform.chat/1.0/?jsv=2.6.1&appKey=24679788&t={t}&sign={sign}&type=originaljson&dataType=json&api=mtop.youku.live.platform.chat&v=1.0&ecode=1'
post_data = {'data': '{"roomId":"711329","content":"Test message"}'}
post_headers = {
    'authority': 'acs.laifeng.com',
    'method': 'POST',
    'path': f'/h5/mtop.youku.live.platform.chat/1.0/?jsv=2.6.1&appKey=24679788&t={t}&sign={sign}&type=originaljson&dataType=json&api=mtop.youku.live.platform.chat&v=1.0&ecode=1',
    'scheme': 'https',
    'accept': 'application/json',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7',
    'cache-control': 'no-cache',
    'content-length': '65',
    'content-type': 'application/x-www-form-urlencoded',
    'cookie': ck,
    'origin': 'https://v.laifeng.com',
    'pragma': 'no-cache',
    'referer': f'https://v.laifeng.com/{room_id}',
    'sec-ch-ua-mobile': '?0',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-site',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3870.400 QQBrowser/10.8.4405.400'
}
response = requests.post(post_url, headers=post_headers, data=post_data)
print(response.text)

Result

The script successfully sends a comment to the specified live room. The response from the server confirms that the request was accepted.

Original source: blog.csdn.net/Python_shannian/article/details/120059842

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

JavaScriptPythonlive streamingAPI reverse engineering
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment